Method for storing and operating on data units in a security module and associated security module

ABSTRACT

The invention relates to a method for storing information in information storage means of a security module and for operating on information units in a security module, and the associated security module, wherein two storage areas ( 41, 42 ) are defined, one of which ( 41 ) is for storing the information (a, b, c; d, e, f) in dispersed pieces (a, b, c), (d, e, f), the other of which ( 42 ) is for storing addresses (AA,  92 ) at which the pieces of information are located. The storage in the second storage area takes place in positions that are based on the addresses ( 83, 86 ) of the pieces of information in the first storage area ( 41 ), as defined before dispersion.

FIELD OF THE INVENTION

The invention relates to a method for storing and operating oninformation units in a security module. The term “security module”should be understood either in its conventional sense, in which itdesignates a device whose purpose in a communication or informationnetwork is to be held by an authority supervising the network and tostore, in protected fashion, secret and fundamental parameters of thenetwork such as cryptographic keys, or more simply, as designating adevice allocated to various users of the network and allowing each ofthem to access the latter, this latter device also being capable ofholding secret parameters. The security module could take the form of aportable object such as, for example, a chip card containing an embeddedchip or integrated circuit.

DESCRIPTION OF RELATED ART

It is known that a hacker is capable of reading or altering informationcontained in information storage means, particularly in electronic chipmemories, using an electronic microscope or means for producingradiation, depending on the circumstances. However, in order to beeffective, he must not only access the stored information, but alsoidentify the function of this information in the operation of thesecurity module.

SUMMARY OF THE INVENTION

The main object of the invention is to offer a method for storinginformation that makes it much more difficult to identify the functionassigned to each piece of stored information.

To this end, the invention relates to a method for storing informationin information storage means of a security module, characterized in thatit comprises the steps consisting of:

-   -   defining, in the storage means, a first storage area for storing        pieces of information that can be accessed by designating        logical addresses;    -   defining, in the storage means, a second storage area for        storing physical addresses of these pieces of information        defining their position in the first storage area, these        physical addresses being located at a position that is based on        the respective logical addresses of the information;    -   storing the information in the first storage area in a position        that is based on the respective logical addresses, and the        logical addresses of this information in the second storage area        in a position that is based on these logical addresses; and    -   permuting the logical addresses of the information units in the        second storage area, two by two, in order to define their        physical addresses, and after each permutation, permuting the        two corresponding information units in the first storage area,        or vice versa.

In a variant, the method for storing information in information storagemeans of a security module is characterized in that it comprises thesteps consisting of:

-   -   defining, in the storage means, a first storage area for storing        pieces of information that can be accessed by designating        logical addresses;    -   defining, in the storage means, a second storage area for        storing physical addresses of these pieces of information        defining their position in the first storage area, these        physical addresses being located in a position that is based on        the respective logical addresses of the information;    -   randomly storing in the second storage area the logical        addresses of the information in order to define physical        addresses of this information; and    -   storing the pieces of information in the first storage area in a        position that is based on their respective physical addresses.

Thus, the units of information are dispersed in the storage means, whichin practice prevents them from being identified. Improvements disclosedin the present document make it possible to protect the storedinformation even more.

The invention also relates to a corresponding operating method andsecurity module.

BRIEF DESCRIPTION OF THE DRAWINGS

Other details and advantages of the present invention will emerge duringthe following description of a preferred but non-limiting embodiment, inreference to the attached drawings in which:

FIG. 1 represents a data processing device cooperating with a securitymodule;

FIG. 2 represents a variant of a security module;

FIG. 3 represents a volatile memory of the security module incorporatingtwo specific storage areas, respectively constituting a secure RAM and adispersion matrix;

FIG. 4 represents the memory of FIG. 3, with a dispersion of theinformation units in the secure RAM 41;

FIG. 5 is a variant of FIG. 4, in which each information unit occupiesonly one storage cell;

FIG. 6 illustrates the marking of the cells by a pointer;

FIG. 7 is a flow chart of a procedure for inverting two cells of thedispersion matrix;

FIGS. 8 through 10 represent the volatile memory during three successivesteps of the procedure of FIG. 7;

FIG. 11 is a flow chart of a procedure for inverting two cells of thesecure RAM, which follows the procedure of FIG. 7;

FIGS. 12 through 14 represent the volatile memory during threesuccessive steps of the procedure of FIG. 11; and

FIG. 15 is a flow chart of a procedure for multiple permutation of thecells of the secure RAM.

DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

FIG. 1 represents a data processing device 1 cooperating with a portableobject 8. The data processing device, in an essentially known way,comprises the microprocessor 2 to which are connected a ROM 3, a RAM 4,means 5 for cooperating with the portable object 8 with or withoutphysical contact, and a transmission interface 7 that allows the dataprocessing device to communicate with a data communication network. Thedata processing device 1 can also be equipped with storage means such asdiskettes or disks, which may or may not be removable, entry means (suchas a keyboard and/or a pointing device of the mouse type) and displaymeans, which various means are well known in the art and consequentlynot represented in FIG. 1.

The data processing device can be constituted by any computing deviceinstalled at a private or public site capable of providing means formanaging information or delivering various goods or services, whichdevice may be permanently installed or portable. It can also be a devicededicated to telecommunications.

Furthermore, the portable object 8 has a chip that includes informationprocessing means 9 which may be in the form of a microprocessor, anonvolatile memory 10, a volatile working memory RAM 14, and means 13for cooperating with the data processing device 1. This chip is laid outso as to define, in the memory 10, a secret area 11 in whichinformation, once stored, is inaccessible from outside the chip andaccessible only to the processing means 9, and an accessible area 12that the microprocessor 9 makes accessible from outside the chip for thereading and/or writing of information. Each area of the nonvolatilememory 10 can comprise an unmodifiable ROM part and a modifiable partthat is an EPROM, EEPROM or is constituted by a RAM of the “flash” type,or FRAM (the latter being a ferromagnetic RAM), i.e. having thecharacteristics of an EEPROM with access times identical to those of aconventional RAM.

For the chip, it is possible to use a self-programmable microprocessorwith a nonvolatile memory, as described in U.S. Pat. No. 4,382,279 inthe name of the Applicant. As indicated in column 1, lines 13–25 of thispatent, the self-programmable feature of the chip corresponds to thecapability for a program fi located in a ROM to modify another programfj located in a programmable memory into a program gj. In a variant, themicroprocessor of the chip is replaced—or at least supplemented—by logiccircuits installed in a semiconductor chip. In essence, such circuitsare capable of performing calculations, particularly authentication andsignature calculations, as a result of their hardwired, rather thanmicroprogrammed logic. They can also be of the ASIC (“ApplicationSpecific Integrated Circuit”) type.

A variant of FIG. 1 is illustrated in FIG. 2, in which the dataprocessing device 16 comprises, in addition to the elements of the dataprocessing device 1 of FIG. 1, those of the portable object 8 disposedin a module 15, the elements common to both FIGS. 1, 2 having the samereferences. However, the cooperation means 5, 13 of FIG. 1 are replacedby a permanent link between the microprocessor 2 and the microprocessor9.

According to a variant of FIG. 2, the data processing device isconstituted by the module 15 of FIG. 2 itself.

According to the invention, the physical location and the structure of apiece of sensitive information in one of the memories of the portableobject 8 or the module 15 changes randomly over time. Let S be a set ofn storage cells (c0, c1, c2, . . . , c(n-1)) and let f be a dispersionfunction for dispersing the content of any cell c_(i) from an originaladdress to a dispersed address f(c_(i)). The function f verifies thefollowing two properties:c_(i)≠c_(j)

f(c_(i))≠f(c_(j))c_(i)≠εS

f(c_(j))εS

-   -   (where ε is a symbol that means “belonging to”)

For example, FIG. 3 represents the structure of the RAM 14 of theportable object 8 or the module 15. It comprises 16 columns identifiedby the numbers 0 through nine, followed by the letters A through F(hexadecimal notation), and 10 lines identified by the numbers 6 through9 followed by the letters A through F. these lines and columns defineone hundred sixty cells beginning with the cell 60 (i.e. line 6, column0) and ending with the cell FF (i.e. line F, column F). Each cell storesa binary octet.

The RAM is broken down into three different areas. A first area 41comprises the cells 80 through AF and is called “secure RAM” because itscontent will be protected by means of the above-mentioned function f: itis in this area that the sensitive information to be protected will bestored. A second area 42 comprises the cells B0 through BF and is calleda “dispersion matrix” because it will be used to disperse the sensitiveinformation in the secure RAM. Finally a third area 43, called “standardRAM,” comprises the remaining cells, i.e. 60 through 7F: it is used tostore the nonsensitive information. It is noted that although, in thisexample, the secure RAM and the dispersion matrix are composed ofcontiguous cells, they could, in a variant, the composed ofnoncontiguous cells.

According to a preferred embodiment, all of the information stored inthe secure RAM is broken down into several elements called “informationunits,” each comprising the same given number of cells. In the exampleof FIGS. 3 and 4, each information unit is surrounded by a bold line andcomprises three cells: we see, for example, the information unit (a, b,c) whose content is distributed in the cells with the respectiveaddresses 83, 84, and 85, the information unit (d, e, f), and theinformation unit (g, h, i). The set of two contiguous information units(a, b, c) and (d, e, f) constitutes a complete piece of information Isuch as, for example, a password.

The size of the dispersion matrix 42, is based on the number ofinformation units that can be contained in the secure RAM, since itcomprises one particular cell for each information unit. In thisexample, the secure RAM comprises 48 cells, hence one-third that manyinformation units, or sixteen cells B0 through BF. Each information unitis associated with a cell of the dispersion matrix which, in the storagearea in question, occupies a position that is a specific function of aposition occupied by the information unit in the secure RAM 41. In thisexample, the function is the identity, so each information unit isassociated with a cell of the dispersion matrix that occupies the sameposition in the storage area in question. For example, the informationunit (a, b, c) that has the row 2 in the secure RAM, is associated withthe cell B1 that has the same position in the dispersion matrix.Likewise, the information unit (d, e, f) is associated with the thirdcell B2, and the information unit (g, h, i) is associated with thefifteenth cell BE. But in a variant, said function G can be morecomplex, the position r_(j) of the cell of the dispersion matrixresulting from a mathematical formula determined from the position r_(i)of the information unit, according to the formula: r_(j)=G(r_(i)). Thefollowing is an example in the present case in which sixteen rows aredefined: r_(j)=17−r_(i).

By definition, the address of an information unit is constituted by theaddress of the first cell it relates to: thus, the address of theinformation unit (a, b, c) of FIG. 3 is 83, the address of its firstcell containing the information (a), while the address of theinformation unit (g, h, i) is AA. In FIG. 3, the information units aredisposed at so-called “logical addresses” corresponding to the addressesthat must be provided to the portable object so that it can processthese information units. A procedure for initializing the RAM 14, whichmakes it possible to define an initial storage state of the informationunits in the secure RAM 41, will now be explained. In a first phase, thedispersion matrix 42 is filled with the addresses of the informationunits that can be stored in the secure RAM 41, these addresses beingselected randomly. In FIG. 4, only three of these addresses arerepresented: AA, 92 and 98. In a second phase, the information units tobe stored in the secure RAM 41 are re-entered based on the addressescontained in the dispersion matrix. For example, the information unit(a, b, c) is disposed at the address contained in the cell of thedispersion matrix that is associated with this information unit: we haveseen that this means the cell in position 2. This information unit istherefore disposed at the address AA. Likewise, the information unit (d,e, f) is stored at the address 92, and the information unit (g, h, i) atthe address 98. The addresses contained in the dispersion matrix of FIG.4 are called “physical addresses” because they will determine the reallocation of the information units in the secure RAM 41. In FIG. 4, thesecure RAM 41 is actually in a so-called “secure” state, since itsinformation units have been dispersed relative to the state of FIG. 3.

Another procedure for initializing the RAM 14 will now be explained, ina variant. In a first phase, the dispersion matrix is filled with thelogical addresses of the information units. Thus, the addresscorresponding to the first information unit, is placed in the firstcell, i.e. 80. The logical address corresponding to the secondinformation unit (a, b, c) is placed in the second cell, i.e. 83, etc.In a second phase, the secure RAM 41 is filled based on the addressescontained in the dispersion matrix. Thus, as represented in FIG. 3, theinformation unit (a, b, c) is stored in the second position, theinformation unit (d, e, f) in the third position, etc. Finally, in athird phase, the information units of the secure RAM 41 are dispersedtwo by two, using an elementary permutation process described below,until all the information units have been moved. In a variant, it wouldbe possible to reverse the order of the first and second phases.

In operation, when the microprocessor executes a program that requestsaccess to a piece of information such as the aforementioned informationI by designating the logical addresses 83 and 86, the microprocessorwill consult the dispersion matrix 42. It will read the first physicaladdress written in the cell in position 2, i.e. AA, then it will readthe content of the information unit (a, b, c) beginning at this addressin secure RAM. Next, it will read the second physical address written inthe cell in position three, i.e. 92, then it will read the content ofthe information unit (d, e, f) beginning at this address in secure RAM:it will then have reconstituted the information I.

According to the first embodiment described above, the information isdispersed in the secure RAM by modifying its structure, i.e. the orderin which the information units are arranged in the cells composinginformation in question, but without achieving a maximum degree ofdispersion. The variant of FIG. 5, on the other hand, makes it possibleto achieve this objective. In this example, each information unitcorresponds to only one cell of the secure RAM 41: it follows that thedispersion matrix 44 comprises as many cells as the secure RAM, i.e.forty-eight, disposed between the addresses B0 and DF.

After all the addresses of the information units have been written intothe dispersion matrix 44 and these addresses have been randomly modifiedas explained for the preceding example, the result is the dispersionmatrix of FIG. 5, in which only the physical addresses of the nineinformation units (a through i) appearing in the secure RAM of FIG. 3are represented. For example, the physical address of the informationunit (b) is stored in the cell in the same position as (b), i.e.position 5: this address is therefore 96. Likewise, the physical addressof the information unit (g) is located in the cell DA of the dispersionmatrix and equals 9C.

Then, the microprocessor of the card disperses the information units (athrough i) in the secure RAM, based on the physical addresses found inthe dispersion matrix 44. For example, the information unit (c) isstored in the cell of the secure RAM 41 whose address is written in thecell B5 of the dispersion matrix 44, i.e. the address 8F. Likewise, thephysical address of the unit of information (f) is the value AB writtenin the cell B8.

It may be seen that, in this second example, the information I, formedby six elementary pieces of information (a through f) that succeed oneanother in contiguous fashion in FIG. 3, is broken down to such a degreethat the six pieces of information (a through f) are no longercontiguous at all. Naturally, this property strengthens security, sincethe hacker's job of reconstituting the set of information (a through f)from the secure RAM, in the state in which exists in FIG. 5, is muchmore complicated than it was from the secure RAM in FIG. 4. As a generalrule, the greater the number of cells in each information unit, theweaker the protection of the sensitive information.

In the following, the address of each cell of each area of the RAM 14 isdefined by a given shift from an origin point constituted by the addressof the first cell of the area, in accordance with an addressing modespecific to a certain type of microprocessor. In a variant, it wouldnaturally be possible to define an absolute address of each cell,independent of the other cells, as was done in connection with FIGS. 3through 5.

Referring to FIG. 6, which again represents the RAM structure of FIG. 5,let pRamSec be a pointer selecting the first cell 45 of the secure RAM,and let pMat be a pointer selecting the first cell 46 of the dispersionmatrix. Any cell of the dispersion matrix contains a value thatrepresents a shift relative to the pointer pRamSec. Let us assume thatthe microprocessor has to obtain the content of a cell 47 of the secureRAM whose logical address it knows, defined as follows:pRamSec+logical shiftThe corresponding physical address is given by:pRamSec+physical shiftif (physical shift) is equal to the content of the cell 48 of thedispersion matrix which is homologous to the cell 47, i.e. which has thesame position in the matrix, the cell 48 has the following address:pMat+logical shift.

We then know how to determine the physical address of a cell to beaddressed from its logical address: a reading at this physical addressgives us a value stored at this address.

We will now described a preferred method for performing an elementarypermutation of the contents of two cells of the secure RAM selectedrandomly, in connection with FIGS. 7 through 10. First of all, asillustrated by step 71 of FIG. 7, the microprocessor 9 performs a randomselection of two numbers from a set constituted by the addresses of allthe cells of the secure RAM 41, defined by their logical shift: theforty-eight cells are defined by a logical shift having a value between0 and 47. For example, the values 4 and 8 are selected: they are thenstored in two cells C1 and C2 of the standard RAM 43, in accordance withstep 72 of FIG. 7, the result being represented in FIG. 8. In step 73,the content of the cell of the dispersion matrix 44 indicated by thelogical shift contained in the cell C1 is stored in a cell C3 of thestandard RAM 43: the logical shift being 4, the corresponding logicaladdress is pMat+4, related to the cell B4 whose content is 22. Theresult is represented in FIG. 8. Then, in step 74, the content of thecell of the dispersion matrix indicated by the cell C2 is stored in thecell indicated by the cell C1: the logical shift contained in the cellC2 is 8, which indicates the cell with the address pMat+8, i.e. the cellB8: its content 43 is disposed in the cell with the address pMat+4, i.e.the cell B4. The result is represented in FIG. 9. Finally, in step 75,the content of the cell C3 is stored in the cell of the dispersionmatrix 44 indicated by the content of the cell C2, i.e. the cell withthe logical address pMat+8, i.e. the cell B8: the result is representedin FIG. 10. It may be seen by observing FIGS. 8 and 10 that the logicalshift values 22 and 43 have been inverted.

A permutation of the addresses having been performed in the dispersionmatrix 44, it is now necessary to perform a corresponding permutation ofthe data associated with these addresses in secure RAM 41. In step 111of FIG. 11, the content of the cell of the secure RAM 41, whose logicaladdress is defined by the content of the cell C1, is read. The logicalshift value 4 returns to the cell B4 of the dispersion matrix, whichcontains the physical shift 43: the corresponding address in secure RAM41 is therefore pRamSec+43, corresponding to the cell AB. In step 112,the content of this cell is stored in the cell C3, as represented inFIG. 12. In step 113, the microprocessor reads the content of the cellof the secure RAM 41 whose address is defined by the content of the cellC2. The value 8 returns to the cell B8 of the dispersion matrixcontaining the physical shift 22: the corresponding address in secureRAM 41 is therefore pRamSec+22, corresponding to the cell 96, containingthe value b. In step 114, this value is stored in the cell of the secureRAM 41 whose logical shift is stored in the cell C1: the logical shift 4corresponds to a physical shift 43, which designates the cell AB of thesecure RAM 41. The result is represented in FIG. 13. Finally, in step115, the microprocessor stores the content f of the cell C3 in the cellof the secure RAM 41 having the logical shift stored in the cell C2,i.e. the address 96. The result appears in FIG. 14. By comparing FIGS.12 and 14, it is possible to see that the values b, f have beenpermuted.

It is possible to see in FIG. 14 the correspondence between the permutedaddresses of the dispersion matrix and the permuted values of the secureRAM 41. For example, in FIG. 3, the value (f) has an address defined bythe logical shift 8, or in FIG. 14, the physical shift 22. It may beseen that the value f is actually located in the cell 96 having thisphysical shift.

In practice, the microprocessor will perform not just one, but a certainnumber of elementary permutations constituting a so-called “multiple”permutation in accordance with the procedure of FIG. 15. In step 151,the microprocessor selects a random number AL1: typically this numberwill be, for example, between 0 and 256. In step 152, the microprocessorinitializes a counter with the value AL1. In step 153, themicroprocessor verifies that the counter has a positive value. If so, itperforms an elementary permutation in accordance with the procedure ofFIGS. 7 and 11, selecting two random numbers between zero and 47. Instep 155, the microprocessor decrements the counter by one unit, then itreturns to step 153. Once the counter has reached the value 0, itreaches the end of the multiple permutation, indicated in 156.

The multiple permutation process, or process for regenerating thedispersion matrix that has just been described, will be activated atvarious moments. It will be activated, first of all, after each power-upof the card. It will also be activated at certain critical momentsduring a utilization session of the card, for example when sensitiveinformation is processed. Thus, the loading of the PIN (PersonalIdentification Number) into secure RAM 41 assumes the transfer of 8bytes to this memory: it was decided to initiate a regeneration of thedispersion matrix after the loading of each byte of the PIN. Anotherexample is the one in which an abnormality is detected in a securityregister of the card. It will be recalled the card includes, in anessentially known way, a plurality of sensors that make it possible totest various physical characteristics of the card, for example itstemperature, the amount of radiation to which it may be subjected, theelectrical continuity of a shield for protection against mechanicalstress, etc. The state of the sensors at a given moment is recorded inthis security register. It is possible to decide to test the state ofthe security register at certain critical moments, for example beforeprocessing sensitive information, and if an abnormality is detected, toinitiate a regeneration of the dispersion matrix.

According to a variant of the invention, the dispersion matrix islocated in a memory of the card or of the security module that isdifferent from that which constitutes the secure memory. This isparticularly advantageous when wishing to save on secure memory. Forexample, in reference to FIG. 1, the dispersion matrix could be innonvolatile memory 10.

It is noted that one advantageous result of the invention consists inthat the time it takes the microprocessor to access any of theinformation stored in the secure RAM 41 is constant. This is achieved byassociating the information units with their addresses using a matrixcorrespondence (a correspondence between the cells of the secure RAM 41and those of the dispersion matrix). This prevents any hacker observingthe microprocessor from making distinctions between the accesses to thevarious information units, which distinctions might have given himinformation on the manipulated data.

While this invention has been described in conjunction with specificembodiments thereof, it is evident that many alternatives, modificationsand variations will be apparent to those skilled in the art.Accordingly, the preferred embodiments of the invention as set forthherein, are intended to be illustrative, not limiting. Various changesmay be made without departing from the true spirit and full scope of theinvention as set forth herein and defined in the claims.

1. A security module comprising: information processing means andinformation storage means, said information processing means includingmeans for defining, in the information storage means, a first storagearea for storing pieces of information that can be accessed bydesignating logical addresses; and a second storage area for storingphysical addresses of said pieces of information, said physicaladdresses defining positions of said pieces of information in the firststorage area, and said physical addresses being located in positions inthe second storage area that are based on position numbers associatedwith the respective logical addresses of the pieces of information.
 2. Amethod for storing information in information storage means of asecurity module, the method comprising: defining a first storage area inthe storage means for storing pieces of information that can be accessedby designating logical addresses; defining a second storage area in thestorage means for storing physical addresses of said pieces ofinformation, said physical addresses defining positions of said piecesof information in the first storage area (41), and said physicaladdresses being located in a position positions in the second storagearea that are based on position numbers associated with the respectivelogical addresses of the pieces of information; storing the pieces ofinformation in the first storage area in a position that is based on therespective logical addresses, and the logical addresses of saidinformation in the second storage area in a positions that are based onposition numbers associated with the respective logical addresses; andpermuting the logical addresses of the information units in the secondstorage area, two by two, in order to define their physical addresses,and after each permutation, permuting the two corresponding pieces ofinformation in the first storage area, or vice versa.
 3. A method forstoring information in information storage means of a security module,the method comprising: defining a first storage area in the storagemeans for storing pieces of information that can be accessed bydesignating logical addresses; defining a second storage area in thestorage means for storing physical addresses of said pieces ofinformation, said physical addresses defining positions of said piecesof information in the first storage area, and said physical addressesbeing located in a positions in the second storage area that are basedon position numbers associated with the respective logical addresses ofthe pieces of information; randomly storing in the second storage areathe logical addresses of the information in order to define the physicaladdresses of the information; and storing the pieces of information inthe first storage area in a position that is based on their respectivephysical addresses.
 4. A method for operating on information ininformation storage means of a security module comprising: defining onthe storage means a first storage area for storing pieces of informationaccessible by designating logical addresses, and defining a secondstorage area for storing physical addresses of said pieces ofinformation, said physical addresses defining positions of said piecesof information in the first storage area, and said physical addressesbeing located in positions in the second storage area that are based onposition numbers associated with the respective logical addresses of thepieces of information, and accessing any piece of information designatedby its logical address by reading data in said second storage area in aposition that is based on a position number associated with said logicaladdress so as to identify the physical address of said piece ofinformation in said second storage area.
 5. An operating methodaccording to claim 4, further comprising: periodically randomlymodifying the position of the physical addresses of the pieces ofinformation in the second storage area, and of correspondingly modifyingthe position of the information units in the first storage area.
 6. Anoperating method according to claim 5, wherein the periodic modificationof the position of the physical addresses and of the pieces ofinformation is activated when a piece of sensitive information isprocessed.
 7. An operating method according to claim 5, furthercomprising: permuting the physical addresses of the pieces ofinformation in the second storage area and, after each permutation,permuting the two corresponding pieces of information in the firststorage area.
 8. An operating method according to claim 4, furthercomprising: storing information units having a size smaller than thesize of the pieces of information in the first storage area; said piecesof information being accessible by designating said logical addressesand being stored in a position defined by said physical addresses.
 9. Anoperating method according to claim 8, wherein said storage meanscomprise: several cells and each piece of information has a size suchthat it is stored in only one cell of the first storage area and itsphysical address is stored in only one cell of the second storage area.10. An operating method according to claim 8, further comprising:periodically randomly modifying the position of the physical addressesof the pieces of information in the second storage area, and ofcorrespondingly modifying the position of the pieces of information inthe first storage area.
 11. An operating method according to claim 10,wherein the periodic modification of the position of the physicaladdresses and of the pieces of information is activated when a piece ofsensitive information is processed.
 12. An operating method according toclaim 10, further comprising: permuting the physical addresses of thepieces of information in the second storage area and, after eachpermutation, permuting the two corresponding pieces of information inthe first storage area.